Posted by starkos on March 13, 2008 at 5:08pm
| Project: | Webserver authentication |
| Version: | 5.x-0.0-rc1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
First attempt with rc1 and didn't seem to think anyone is logged in; problem seems to be at line 21:
if ($name != $_SERVER["REMOTE_USER"]) {
$name = $_SERVER["REDIRECT_REMOTE_USER"];
}
Here, $name hasn't been set yet. If I add:
$name = $_SERVER['REMOTE_ADDR'];
before this block then it starts to work.
Comments
#1
The code in question is testing inequality instead of testing the result of the assignment to $name (which is what I think was intended). I've attached a patch (this is my first patch, please let me know if I should do something differently).
edit: I encountered this issue with Drupal 5.7 on IIS6 (Windows 2003) with PHP 5.
#2
I've encountered this issue on a CentOS 4 box with apache 2.0.52 and PHP 4.3.9 and an OpenBSD box with apache 1.3.29 and PHP 5.2.3 with both using mod_auth_kerb to control access to drupal. I noticed when webserver_auth_init() was entered that $name was empty so it always failed the conditional but REDIRECT_REMOTE_USER is not set. I'm not sure how that gets setup by apache though. I ended up using this change instead so it uses REDIRECT_USER if it is set:
http://drupal.org/node/14294#comment-784044
#3
subscribe
#4
this was just fixed in a more verbose way in another issue.
#5
Automatically closed -- issue fixed for two weeks with no activity.